Cisco has hurried out a fix out for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express (CCX). Cisco’s Unified CCX software is touted as a “contact center in a box” that allows companies to deploy customer-care applications. The flaw (CVE-2020-3280), which has a CVSS score of 9.8 out of 10, stems from the Java Remote Management Interface of the product. “The vulnerability is due to insecure deserialization of user-supplied content by the affected software,” according to Cisco, in a Wednesday security alert. “An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device.” An unauthenticated, remote attacker could exploit this flaw to execute arbitrary code on an affected device. Those who are using Cisco Unified CCX version 12.0 and earlier are urged to update to the fixed release, 12.0(1)ES03. Version 12.5 is not vulnerable, according to Cisco. Cisco is not aware of any public announcements or malicious use of the flaw, according to the update. The tech giant on Wednesday also released a patch addressing a high-severity flaw (CVE-2020-3272) in its Prime Network Registrar, which enables dynamic host configuration protocol (DHCP) services (as well as DNS services). The flaw stems from insufficient input validation of…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2020-05-21 11:44:002020-05-21 11:44:00Critical Cisco Bug in Unified CCX Allows Remote Code Execution
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org